similar to: Bug in Kerberos support for openssh.

this is the proposed gssapi diff against OpenSSH-current (non-portable). note: if this goes in, the old krb5 auth (ssh.com compatible) will be removed. please comment. jakob Index: auth.h =================================================================== RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v retrieving revision 1.1.1.2 retrieving revision 1.3 diff -u -r1.1.1.2 -r1.3 --- auth.h

I wrote a small program to monitor keyboards found on /dev/input/event* It works great but I always get EAGAIN from my read() function. google says this is normal when open() is used and O_NONBLOCK mode. I know this is slightly offtopic but I was wondering if the centos gurus that also program know anything about this. My goal was to not be eating CPU cycles with a small program that just

Hi, Was trying to use the gssapi support and the authentication would consistently die for me. The following patch fixes: --- src/auth/mech-gssapi.c.orig 2006-01-10 15:46:10.000000000 +1300 +++ src/auth/mech-gssapi.c @@ -138,7 +138,7 @@ static OM_uint32 obtain_service_credenti return major_status; } - gss_release_name(&minor_status, gss_principal); +

Hello, I have a compile problem concerning samba-3.0.0 (final) with gssapi on a Solaris 9 machine. I don't know how to fix this, so any suggestions are welcome. Situation: We use LDAP to authenticate logins of a group of users, so I want to use this LDAP directory also from samba. (Openldap-2.1.22 was compiled with BerkeleyDB.4.1, heimdal-0.6 kerberos, and cyrus-sasl-2.1.13). After a

Hola de nuevo, Esta es la información de mi sesion: R version 2.10.1 (2009-12-14) i386-pc-mingw32 locale: [1] LC_COLLATE=Spanish_Spain.1252 LC_CTYPE=Spanish_Spain.1252 [3] LC_MONETARY=Spanish_Spain.1252 LC_NUMERIC=C [5] LC_TIME=Spanish_Spain.1252 attached base packages: [1] stats graphics grDevices utils datasets methods base Lo que yo prentendo es

Trying to update to dovecot-1.0.alpha5 and seeing this at compile time: mech-gssapi.o mech-gssapi.c; then mv -f ".deps/mech-gssapi.Tpo" ".deps/mech-gssapi.Po"; else rm -f ".deps/mech-gssapi.Tpo"; exit 1; fi mech-gssapi.c:30:27: gssapi/gssapi.h: No such file or directory mech-gssapi.c:42: error: syntax error before "gss_ctx_id_t" mech-gssapi.c:51: error:

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

I''m using ActiveScaffold. In the file house_helper.rb I have written the code: def house_form_column(record, input_name) ... list = House.find(:all, :include => ''city'') new_list=... ... list do |element| if record = element.name selec=element.id end end select_tag ''X'',options_for_select(new_list, selected=selec),

In pop3-login/client-authenticate.c, when sasl_server_auth_begin() is called, it does so with the service name of "POP3". GSSAPI uses this service name when obtaining its service credentials. The problem is that according to http://www.iana.org/assignments/gssapi-service-names , the service name should instead be simply "pop". This causes GSSAPI authentication to fail when

I saw some past chatter on this in the list archives, but here is another stab and another rational. This patch follows a similar patch to openssh in that it allows any key in the specified keytab to match the incoming host key. This is necessary for multihomed hosts. See: https://bugzilla.mindrot.org/show_bug.cgi?id=928 IMAP/POP seem to be a strong candidate to be multihomed because they are

I've enabled the GSS code in dovecot, but our Kerberos nerds are complaining that it doesn't work :) I probably have the thing totally misconfigured (so don't worry about that part for now), but I do have a crash: Info: imap-login: Disconnected: rip=XXX.YYY.229.8, lip= XXX.YYY.17.59, TLS handshake Error: auth(default): gssapi(?,XXX.YYY.229.8): While acquiring service credentials: No

I cooked this up while trying to figure out why thunderbird on Windows w/ SSPI was not working, but it turned out thunderbird does not use it, so I haven't been able to test it yet. I'm presenting it for discussion only, unless someone else can try it :) Modern versions of MIT kerberos support GSS-SPNEGO natively, but are only willing to negotiate for kerberos tickets and not NTLM

This bug causes a segfault when compiled against heimdal, but not MIT krb5. Either way, I think this code is correct. HTH. ---------------------------------------------------------------------- | Jim Hranicky, Senior SysAdmin UF/CISE Department | | E314D CSE Building Phone (352) 392-1499 | | jfh at cise.ufl.edu

This has been submitted to https://bugzilla.samba.org/ as Bug 636 I'm trying to build Samba 3.0.0 CVS 3.0.1pre2 under Solaris 8 with MIT Kerberos 5 1.3.1 OpenLDAP 2.1.22 using the Sun Workshop 6U2 compiler Arguments to configure are: configured by ./configure, generated by GNU Autoconf 2.53, with options \"'--with-readline' '--with-libiconv=/usr/local'

Hi, I am running configure with the option --with-krb5=/opt/local which is where I have heimdal installed. The problem is that after running make, it still tries to use the include files from SUN that are in /usr/ and this screws up the compile. I can compile samba just fine using --without-krb5. I have already tried: setenv CFLAGS "-L/opt/local/lib" setenv CPPFLAGS

Hi List, My goal in sending this email is to get some direction on where to start looking to solve my problem. Thank you all in advance for reading through this and providing any guidance! I'm working on moving to new servers, upgrading from CentOS 6.7 to CentOS 7.5. In this move, we are also upgrading from Apache/2.2.15 to Apache/ 2.4.33. Our servers are all sitting behind a load

First thing - I'd like to say a big "THANK YOU" to the developers. I just upgraded to samba-3.0.23 and I've noticed an alarming issue with respect to my configuration. I've been using the built-in keytab management and it looks like the updated code no longer creates the userPrincipal in Active Directory. Whether this is an issue for others or not, it would be nice to have

Hi all, We have 2 mail servers sitting behind linux-HA machines.The mail servers are currently running dovecot 1.0rc2. Looking to enable GSSAPI authentication, I exported krb keytabs for imap/node01.domain at REALM and imap/node02.domain at REALM for both mail servers. However, clients are connecting to mail.domain.com, which results in a mismatch as far as the keytab is concerned (and rightly

The attached patch removes the duplicated credentials cache generation code in auth-krb5.c and gss-serv-krb5.c, by turning it into a procedure which is then called by both sections of code. It's against the latest portable CVS tree. Cheers, Simon. -------------- next part -------------- Index: auth-krb5.c =================================================================== RCS file:

Attached is a patch to make sshd work on OSX when using plain ol' Kerberos authentication as opposed to opendirectory authentication. Cheers, Nick -------------------------------------------------------------------------- NOTICE: Morgan Stanley is not acting as a municipal advisor and the opinions or views contained herein are not intended to be, and do not constitute, advice within the